mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 06:08:52 +00:00
A whole bunch of fixes
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3081 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
795897d882
commit
dcceaa48ca
26 changed files with 233 additions and 139 deletions
|
|
@ -399,10 +399,17 @@ else if ( $mode != "" )
|
|||
// Get the submitted data, being careful to ensure that we only
|
||||
// accept the data we are looking for.
|
||||
//
|
||||
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
|
||||
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
|
||||
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
|
||||
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
|
||||
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
|
||||
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
|
||||
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
|
||||
|
||||
// If no code was entered complain ...
|
||||
if ($smile_code == '' || $smile_url = '')
|
||||
{
|
||||
message_die(MESSAGE, $lang['Fields_empty']);
|
||||
}
|
||||
|
||||
//
|
||||
// Convert < and > to proper htmlentities for parsing.
|
||||
//
|
||||
|
|
|
|||
|
|
@ -129,18 +129,18 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
|
|||
$password_confirm = '';
|
||||
|
||||
$icq = stripslashes($icq);
|
||||
$aim = stripslashes($aim);
|
||||
$msn = stripslashes($msn);
|
||||
$yim = stripslashes($yim);
|
||||
$aim = htmlspecialchars(stripslashes($aim));
|
||||
$msn = htmlspecialchars(stripslashes($msn));
|
||||
$yim = htmlspecialchars(stripslashes($yim));
|
||||
|
||||
$website = stripslashes($website);
|
||||
$location = stripslashes($location);
|
||||
$occupation = stripslashes($occupation);
|
||||
$interests = stripslashes($interests);
|
||||
$signature = stripslashes($signature);
|
||||
$website = htmlspecialchars(stripslashes($website));
|
||||
$location = htmlspecialchars(stripslashes($location));
|
||||
$occupation = htmlspecialchars(stripslashes($occupation));
|
||||
$interests = htmlspecialchars(stripslashes($interests));
|
||||
$signature = htmlspecialchars(stripslashes($signature));
|
||||
|
||||
$user_lang = stripslashes($user_lang);
|
||||
$user_dateformat = stripslashes($user_dateformat);
|
||||
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
|
||||
|
||||
if ( !isset($HTTP_POST_VARS['cancelavatar']))
|
||||
{
|
||||
|
|
@ -713,24 +713,24 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
|
|||
|
||||
$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
|
||||
|
||||
$username = stripslashes($username);
|
||||
$username = htmlspecialchars(stripslashes($username));
|
||||
$email = stripslashes($email);
|
||||
$password = '';
|
||||
$password_confirm = '';
|
||||
|
||||
$icq = stripslashes($icq);
|
||||
$aim = str_replace('+', ' ', stripslashes($aim));
|
||||
$msn = stripslashes($msn);
|
||||
$yim = stripslashes($yim);
|
||||
$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
|
||||
$msn = htmlspecialchars(stripslashes($msn));
|
||||
$yim = htmlspecialchars(stripslashes($yim));
|
||||
|
||||
$website = stripslashes($website);
|
||||
$location = stripslashes($location);
|
||||
$occupation = stripslashes($occupation);
|
||||
$interests = stripslashes($interests);
|
||||
$signature = stripslashes($signature);
|
||||
$website = htmlspecialchars(stripslashes($website));
|
||||
$location = htmlspecialchars(stripslashes($location));
|
||||
$occupation = htmlspecialchars(stripslashes($occupation));
|
||||
$interests = htmlspecialchars(stripslashes($interests));
|
||||
$signature = htmlspecialchars(stripslashes($signature));
|
||||
|
||||
$user_lang = stripslashes($user_lang);
|
||||
$user_dateformat = stripslashes($user_dateformat);
|
||||
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
|
||||
}
|
||||
}
|
||||
else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) )
|
||||
|
|
@ -757,21 +757,21 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
|
|||
// Now parse and display it as a template
|
||||
//
|
||||
$user_id = $this_userdata['user_id'];
|
||||
$username = $this_userdata['username'];
|
||||
$username = htmlspecialchars($this_userdata['username']);
|
||||
$email = $this_userdata['user_email'];
|
||||
$password = '';
|
||||
$password_confirm = '';
|
||||
|
||||
$icq = $this_userdata['user_icq'];
|
||||
$aim = str_replace('+', ' ', $this_userdata['user_aim'] );
|
||||
$msn = $this_userdata['user_msnm'];
|
||||
$yim = $this_userdata['user_yim'];
|
||||
$aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] ));
|
||||
$msn = htmlspecialchars($this_userdata['user_msnm']);
|
||||
$yim = htmlspecialchars($this_userdata['user_yim']);
|
||||
|
||||
$website = $this_userdata['user_website'];
|
||||
$location = $this_userdata['user_from'];
|
||||
$occupation = $this_userdata['user_occ'];
|
||||
$interests = $this_userdata['user_interests'];
|
||||
$signature = $this_userdata['user_sig'];
|
||||
$website = htmlspecialchars($this_userdata['user_website']);
|
||||
$location = htmlspecialchars($this_userdata['user_from']);
|
||||
$occupation = htmlspecialchars($this_userdata['user_occ']);
|
||||
$interests = htmlspecialchars($this_userdata['user_interests']);
|
||||
$signature = ( $this_userdata['user_sig_bbcode_uid'] != '' ) ? htmlspecialchars(preg_replace("/:(([a-z0-9]+:)?)" . $this_userdata['user_sig_bbcode_uid'] . "\]/si", ']', $userdata['user_sig'])) : htmlspecialchars($userdata['user_sig']);
|
||||
|
||||
$viewemail = $this_userdata['user_viewemail'];
|
||||
$notifypm = $this_userdata['user_notify_pm'];
|
||||
|
|
@ -788,7 +788,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
|
|||
$user_style = $this_userdata['user_style'];
|
||||
$user_lang = $this_userdata['user_lang'];
|
||||
$user_timezone = $this_userdata['user_timezone'];
|
||||
$user_dateformat = $this_userdata['user_dateformat'];
|
||||
$user_dateformat = htmlspecialchars($this_userdata['user_dateformat']);
|
||||
|
||||
$user_status = $this_userdata['user_active'];
|
||||
$user_allowavatar = $this_userdata['user_allowavatar'];
|
||||
|
|
@ -980,8 +980,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
|
|||
$rank_select_box .= '<option value="' . $rank_id . '"' . $selected . '>' . $rank . '</option>';
|
||||
}
|
||||
|
||||
$signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature);
|
||||
|
||||
$template->set_filenames(array(
|
||||
"body" => "admin/user_edit_body.tpl")
|
||||
);
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -270,6 +270,7 @@ CREATE TABLE phpbb_search_wordmatch (
|
|||
post_id mediumint(8) UNSIGNED NOT NULL default '0',
|
||||
word_id mediumint(8) UNSIGNED NOT NULL default '0',
|
||||
title_match tinyint(1) NOT NULL default '0',
|
||||
KEY post_id (post_id),
|
||||
KEY word_id (word_id)
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -264,6 +264,7 @@ CREATE TABLE phpbb_search_wordmatch (
|
|||
title_match int2 NOT NULL default '0'
|
||||
);
|
||||
CREATE INDEX word_id_phpbb_search_wordmatch ON phpbb_search_wordmatch (word_id);
|
||||
CREATE INDEX post_id_phpbb_search_wordmatch ON phpbb_search_wordmatch (post_id);
|
||||
|
||||
|
||||
/* --------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
// Remove or comment the next line (die(".... ) to enable this script.
|
||||
// Do NOT FORGET to either remove this script or disable it after you have used it.
|
||||
//
|
||||
die("Please read the first lines of this script for instructions on how to enable it");
|
||||
//die("Please read the first lines of this script for instructions on how to enable it");
|
||||
|
||||
$dirname = "./../language";
|
||||
$dir = opendir($dirname);
|
||||
|
|
|
|||
|
|
@ -287,7 +287,7 @@ else if ( isset($HTTP_POST_VARS['joingroup']) && $group_id )
|
|||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'GROUP_MODERATOR' => $moderator['username'],
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true")
|
||||
);
|
||||
|
|
@ -569,7 +569,7 @@ else if ( $group_id )
|
|||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'GROUP_NAME' => $group_name,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id")
|
||||
);
|
||||
|
|
@ -724,7 +724,7 @@ else if ( $group_id )
|
|||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'GROUP_NAME' => $group_name,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id")
|
||||
);
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ class emailer
|
|||
//
|
||||
function set_subject($subject = '')
|
||||
{
|
||||
$this->subject = $subject;
|
||||
$this->subject = preg_replace('#[\n\r]+#s', '', $subject);
|
||||
}
|
||||
|
||||
//
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ function make_jumpbox($action, $match_forum_id = 0)
|
|||
|
||||
if ( isset($SID) )
|
||||
{
|
||||
$boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />';
|
||||
$boxstring .= '<input type="hidden" name="sid" value="' . substr($SID, 4) . '" />';
|
||||
}
|
||||
|
||||
$template->set_filenames(array(
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on,
|
|||
$bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : '';
|
||||
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
|
||||
}
|
||||
else if ( $mode != 'delete' && $mode != 'polldelete' )
|
||||
else if ( $mode != 'delete' && $mode != 'poll_delete' )
|
||||
{
|
||||
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
|
||||
}
|
||||
|
|
@ -233,7 +233,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
|
|||
{
|
||||
if ( $row = $db->sql_fetchrow($result) )
|
||||
{
|
||||
if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] )
|
||||
if ( intval($row['last_post_time']) > 0 && ( $current_time - intval($row['last_post_time']) ) < intval($board_config['flood_interval']) )
|
||||
{
|
||||
message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
|
||||
}
|
||||
|
|
@ -278,7 +278,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
|
|||
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject));
|
||||
add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));
|
||||
|
||||
//
|
||||
// Add poll
|
||||
|
|
@ -634,9 +634,9 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
|
|||
$update_watched_sql = '';
|
||||
if ( $row = $db->sql_fetchrow($result) )
|
||||
{
|
||||
@set_time_limit(120);
|
||||
@set_time_limit(240);
|
||||
|
||||
$topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title']));
|
||||
$topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])) : unprepare_message($row['topic_title']);
|
||||
|
||||
do
|
||||
{
|
||||
|
|
@ -648,7 +648,7 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
|
|||
$emailer->extra_headers($email_headers);
|
||||
|
||||
$emailer->assign_vars(array(
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
'USERNAME' => $row['username'],
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'TOPIC_TITLE' => $topic_title,
|
||||
|
|
|
|||
|
|
@ -97,11 +97,11 @@ function split_words(&$entry, $mode = 'post')
|
|||
return $split_entries[1];
|
||||
}
|
||||
|
||||
function add_search_words($post_id, $post_text, $post_title = '')
|
||||
function add_search_words($mode, $post_id, $post_text, $post_title = '')
|
||||
{
|
||||
global $db, $phpbb_root_path, $board_config, $lang;
|
||||
|
||||
$stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt");
|
||||
$stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt");
|
||||
$synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt");
|
||||
|
||||
$search_raw_words = array();
|
||||
|
|
@ -244,7 +244,7 @@ function add_search_words($post_id, $post_text, $post_title = '')
|
|||
}
|
||||
}
|
||||
|
||||
if ( $mode == 'single' )
|
||||
if ($mode == 'single')
|
||||
{
|
||||
remove_common('single', 0.4, $word);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -331,7 +331,7 @@ class Template {
|
|||
if ($block_nesting_level < 2)
|
||||
{
|
||||
// Block is not nested.
|
||||
$code_lines[$i] = '$_' . $a[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;';
|
||||
$code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;';
|
||||
$code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)';
|
||||
$code_lines[$i] .= "\n" . '{';
|
||||
}
|
||||
|
|
@ -347,7 +347,7 @@ class Template {
|
|||
// current indices of all parent blocks.
|
||||
$varref = $this->generate_block_data_ref($namespace, false);
|
||||
// Create the for loop code to iterate over this block.
|
||||
$code_lines[$i] = '$_' . $a[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;';
|
||||
$code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;';
|
||||
$code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)';
|
||||
$code_lines[$i] .= "\n" . '{';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ if ( !defined('IN_PHPBB') )
|
|||
exit;
|
||||
}
|
||||
|
||||
$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey
|
||||
$sql = "SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey
|
||||
FROM " . USERS_TABLE . "
|
||||
WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]);
|
||||
if ( !($result = $db->sql_query($sql)) )
|
||||
|
|
@ -57,7 +57,7 @@ if ( $row = $db->sql_fetchrow($result) )
|
|||
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
|
||||
}
|
||||
|
||||
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
|
||||
if ( intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
|
||||
{
|
||||
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
|
||||
$emailer = new emailer($board_config['smtp_delivery']);
|
||||
|
|
@ -71,9 +71,9 @@ if ( $row = $db->sql_fetchrow($result) )
|
|||
|
||||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'USERNAME' => $username,
|
||||
'USERNAME' => $row['username'],
|
||||
'PASSWORD' => $password_confirm,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']))
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '')
|
||||
);
|
||||
$emailer->send();
|
||||
$emailer->reset();
|
||||
|
|
|
|||
|
|
@ -242,7 +242,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
|||
return $avatar_sql;
|
||||
}
|
||||
|
||||
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat)
|
||||
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id)
|
||||
{
|
||||
global $board_config, $db, $template, $lang, $images, $theme;
|
||||
global $phpbb_root_path, $phpEx;
|
||||
|
|
@ -320,7 +320,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
|
|||
|
||||
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
|
||||
|
||||
$s_hidden_vars = '<input type="hidden" name="agreed" value="true" />';
|
||||
$s_hidden_vars = '<input type="hidden" name="session_id" value="' . $session_id . '" /><input type="hidden" name="agreed" value="true" />';
|
||||
|
||||
for($i = 0; $i < count($params); $i++)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -62,6 +62,11 @@ if ( $result = $db->sql_query($sql) )
|
|||
|
||||
if ( isset($HTTP_POST_VARS['submit']) )
|
||||
{
|
||||
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
$error = FALSE;
|
||||
|
||||
if ( !empty($HTTP_POST_VARS['subject']) )
|
||||
|
|
@ -170,6 +175,7 @@ if ( $result = $db->sql_query($sql) )
|
|||
$template->assign_vars(array(
|
||||
'USERNAME' => $username,
|
||||
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" />',
|
||||
'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"),
|
||||
|
||||
'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
|
||||
|
|
|
|||
|
|
@ -80,6 +80,11 @@ if (
|
|||
isset($HTTP_POST_VARS['cancelavatar']) ||
|
||||
$mode == 'register' )
|
||||
{
|
||||
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(ERROR, 'Invalid_session_id');
|
||||
}
|
||||
|
||||
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
|
||||
|
|
@ -183,18 +188,18 @@ if (
|
|||
$password_confirm = stripslashes($password_confirm);
|
||||
|
||||
$icq = stripslashes($icq);
|
||||
$aim = stripslashes($aim);
|
||||
$msn = stripslashes($msn);
|
||||
$yim = stripslashes($yim);
|
||||
$aim = htmlspecialchars(stripslashes($aim));
|
||||
$msn = htmlspecialchars(stripslashes($msn));
|
||||
$yim = htmlspecialchars(stripslashes($yim));
|
||||
|
||||
$website = stripslashes($website);
|
||||
$location = stripslashes($location);
|
||||
$occupation = stripslashes($occupation);
|
||||
$interests = stripslashes($interests);
|
||||
$signature = stripslashes($signature);
|
||||
$website = htmlspecialchars(stripslashes($website));
|
||||
$location = htmlspecialchars(stripslashes($location));
|
||||
$occupation = htmlspecialchars(stripslashes($occupation));
|
||||
$interests = htmlspecialchars(stripslashes($interests));
|
||||
$signature = htmlspecialchars(stripslashes($signature));
|
||||
|
||||
$user_lang = stripslashes($user_lang);
|
||||
$user_dateformat = stripslashes($user_dateformat);
|
||||
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
|
||||
|
||||
if ( !isset($HTTP_POST_VARS['cancelavatar']))
|
||||
{
|
||||
|
|
@ -459,7 +464,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
|
|||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'USERNAME' => $username,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
|
||||
);
|
||||
|
|
@ -651,7 +656,7 @@ if ( $error )
|
|||
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
|
||||
|
||||
$user_lang = stripslashes($user_lang);
|
||||
$user_dateformat = stripslashes($user_dateformat);
|
||||
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
|
||||
|
||||
}
|
||||
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
|
||||
|
|
@ -690,7 +695,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
|
|||
$user_style = $userdata['user_style'];
|
||||
$user_lang = $userdata['user_lang'];
|
||||
$user_timezone = $userdata['user_timezone'];
|
||||
$user_dateformat = $userdata['user_dateformat'];
|
||||
$user_dateformat = htmlspecialchars($userdata['user_dateformat']);
|
||||
}
|
||||
|
||||
//
|
||||
|
|
@ -721,7 +726,7 @@ if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
|
|||
|
||||
$allowviewonline = !$allowviewonline;
|
||||
|
||||
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat);
|
||||
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -754,7 +759,7 @@ else
|
|||
}
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
|
||||
if( $mode == 'editprofile' )
|
||||
{
|
||||
$s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
|
|||
'SITENAME' => $board_config['sitename'],
|
||||
'USERNAME' => $username,
|
||||
'PASSWORD' => $user_password,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
|
||||
);
|
||||
|
|
|
|||
|
|
@ -574,6 +574,7 @@ $lang['password_confirm_if_changed'] = 'Je hoeft alleen je wachtwoord te bevesti
|
|||
|
||||
$lang['Avatar'] = 'Avatar';
|
||||
$lang['Avatar_explain'] = 'Laat een kleine afbeelding onder je naam zien in ieder bericht. Je kan maar één afbeelding tegelijkertijd gebruiken, de breedte mag niet meer dan %d pixels zijn, de hoogte moet onder de %d pixels blijven. De maximale bestandsgrootte is %dKB';
|
||||
$lang['Upload_Avatar_file'] = 'Upload Avatar vanaf jouw machine';
|
||||
$lang['Upload_Avatar_URL'] = 'Upload Avatar vanaf een Internet lokatie (URL)';
|
||||
$lang['Upload_Avatar_URL_explain'] = 'Geef de URL waar je Avatar staat, de afbeelding wordt gekopieerd naar deze site.';
|
||||
$lang['Pick_local_Avatar'] = 'Selecteer een Avatar uit de gallery';
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
|
|||
|
||||
switch( $mode )
|
||||
{
|
||||
case 'joindate':
|
||||
case 'joined':
|
||||
$order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page'];
|
||||
break;
|
||||
case 'username':
|
||||
|
|
|
|||
|
|
@ -121,6 +121,26 @@ if ( isset($HTTP_POST_VARS['cancel']) )
|
|||
exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Compare sid ... if sids don't match
|
||||
// output message ... note that AOL'ers may
|
||||
// obtain this error until the session code
|
||||
// is modified to change the 6 to 4 in the IP
|
||||
// comparison checks ... or if a user takes
|
||||
// longer than session time to submit the form
|
||||
// both can be easily altered by the admin
|
||||
//
|
||||
if ( $submit || $refresh )
|
||||
{
|
||||
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
|
||||
{
|
||||
// I've not added this to the language set at this time ... re-releasing
|
||||
// every single language to include this for the once in a blue moon
|
||||
// time it will be output is just not worthwhile at present.
|
||||
message_die(GENERAL_MESSAGE, 'Invalid_session');
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// What auth type do we need to check?
|
||||
//
|
||||
|
|
@ -545,6 +565,7 @@ else if ( $submit || $confirm )
|
|||
$topic_type = ( $topic_type != $post_data['topic_type'] && !$is_auth['auth_sticky'] && !$is_auth['auth_announce'] ) ? $post_data['topic_type'] : $topic_type;
|
||||
|
||||
submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, str_replace("\'", "''", $username), str_replace("\'", "''", $subject), str_replace("\'", "''", $message), str_replace("\'", "''", $poll_title), $poll_options, $poll_length);
|
||||
|
||||
if ( $error_msg == '' )
|
||||
{
|
||||
user_notification($mode, $post_data, $forum_id, $topic_id, $post_id, $notify_user);
|
||||
|
|
@ -908,7 +929,7 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] )
|
|||
}
|
||||
}
|
||||
|
||||
$hidden_form_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
$hidden_form_fields = '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" />';
|
||||
|
||||
switch( $mode )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1151,7 +1151,7 @@ else if ( $submit || $refresh || $mode != '' )
|
|||
$emailer->assign_vars(array(
|
||||
'USERNAME' => $to_username,
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox')
|
||||
);
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 693 B After Width: | Height: | Size: 666 B |
|
|
@ -57,7 +57,7 @@ function checkForm(formObj) {
|
|||
</table></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="catBottom" colspan="2" align="center" height="28"><input type="submit" tabindex="6" name="submit" class="mainoption" value="{L_SEND_EMAIL}" /></td>
|
||||
<td class="catBottom" colspan="2" align="center" height="28">{S_HIDDEN_FIELDS}<input type="submit" tabindex="6" name="submit" class="mainoption" value="{L_SEND_EMAIL}" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
|
|
|||
|
|
@ -441,7 +441,30 @@ switch ( $row['config_value'] )
|
|||
END OF DROP GROUP -- don't remove anything after this point!
|
||||
-------------------------------------------------------------- */
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
case '.0.3':
|
||||
|
||||
// Need to add index to post_id in search_wordmatch (mysql, postgresql, msaccess ... both indexes)
|
||||
// Add auto_increment equiv to groups table (Doug overlooked it ...) for pgsql and msaccess
|
||||
|
||||
//mysql
|
||||
|
||||
//pgsql
|
||||
"CREATE SEQUENCE phpbb_groups_id_seq start 3 increment 1 maxvalue 2147483647 minvalue 1 cache 1";
|
||||
CREATE TABLE temp AS SELECT did, city FROM distributors;
|
||||
DROP TABLE distributors;
|
||||
CREATE TABLE distributors (
|
||||
did DECIMAL(3) DEFAULT 1,
|
||||
name VARCHAR(40) NOT NULL,
|
||||
);
|
||||
INSERT INTO distributors SELECT * FROM temp;
|
||||
DROP TABLE temp;
|
||||
CREATE INDEX post_id_phpbb_search_wordmatch ON phpbb_search_wordmatch (post_id);
|
||||
|
||||
//msaccess
|
||||
|
||||
}
|
||||
|
||||
echo "<h2>Updating database schema</h2>\n";
|
||||
|
|
|
|||
|
|
@ -1900,7 +1900,7 @@ if ( !empty($next) )
|
|||
{
|
||||
do
|
||||
{
|
||||
add_search_words($row['post_id'], $row['post_text'], $row['post_subject']);
|
||||
add_search_words('global', $row['post_id'], $row['post_text'], $row['post_subject']);
|
||||
|
||||
$inc++;
|
||||
if ( $inc == $per_pct )
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ if ( isset($HTTP_GET_VARS['view']) && empty($HTTP_GET_VARS[POST_POST_URL]) )
|
|||
|
||||
if ( $row = $db->sql_fetchrow($result) )
|
||||
{
|
||||
$topic_id = $row['topic_id'];
|
||||
$topic_id = intval($row['topic_id']);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -153,7 +153,7 @@ if ( !($forum_topic_data = $db->sql_fetchrow($result)) )
|
|||
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
|
||||
}
|
||||
|
||||
$forum_id = $forum_topic_data['forum_id'];
|
||||
$forum_id = intval($forum_topic_data['forum_id']);
|
||||
|
||||
//
|
||||
// Start session management
|
||||
|
|
@ -191,12 +191,12 @@ if( !$is_auth['auth_view'] || !$is_auth['auth_read'] )
|
|||
|
||||
$forum_name = $forum_topic_data['forum_name'];
|
||||
$topic_title = $forum_topic_data['topic_title'];
|
||||
$topic_id = $forum_topic_data['topic_id'];
|
||||
$topic_id = intval($forum_topic_data['topic_id']);
|
||||
$topic_time = $forum_topic_data['topic_time'];
|
||||
|
||||
if ( !empty($post_id) )
|
||||
{
|
||||
$start = floor(($forum_topic_data['prev_posts'] - 1) / $board_config['posts_per_page']) * $board_config['posts_per_page'];
|
||||
$start = floor(($forum_topic_data['prev_posts'] - 1) / intval($board_config['posts_per_page'])) * intval($board_config['posts_per_page']);
|
||||
}
|
||||
|
||||
//
|
||||
|
|
@ -317,7 +317,7 @@ $previous_days_text = array($lang['All_Posts'], $lang['1_Day'], $lang['7_Days'],
|
|||
if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) )
|
||||
{
|
||||
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];
|
||||
$min_post_time = time() - ($post_days * 86400);
|
||||
$min_post_time = time() - (intval($post_days) * 86400);
|
||||
|
||||
$sql = "SELECT COUNT(p.post_id) AS num_posts
|
||||
FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p
|
||||
|
|
@ -329,7 +329,7 @@ if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) )
|
|||
message_die(GENERAL_ERROR, "Could not obtain limited topics count information", '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
$total_replies = ( $row = $db->sql_fetchrow($result) ) ? $row['num_posts'] : 0;
|
||||
$total_replies = ( $row = $db->sql_fetchrow($result) ) ? intval($row['num_posts']) : 0;
|
||||
|
||||
$limit_posts_time = "AND p.post_time >= $min_post_time ";
|
||||
|
||||
|
|
@ -340,7 +340,7 @@ if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) )
|
|||
}
|
||||
else
|
||||
{
|
||||
$total_replies = $forum_topic_data['topic_replies'] + 1;
|
||||
$total_replies = intval($forum_topic_data['topic_replies']) + 1;
|
||||
|
||||
$limit_posts_time = '';
|
||||
$post_days = 0;
|
||||
|
|
@ -409,9 +409,40 @@ if ( $row = $db->sql_fetchrow($result) )
|
|||
}
|
||||
else
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
||||
sync('topic', $topic_id);
|
||||
|
||||
message_die(GENERAL_MESSAGE, $lang['No_posts_topic']);
|
||||
}
|
||||
|
||||
$resync = FALSE;
|
||||
if ($forum_topic_data['topic_replies'] + 1 < $start + count($postrows))
|
||||
{
|
||||
$resync = TRUE;
|
||||
}
|
||||
elseif ($start + $board_config['posts_per_page'] > $forum_topic_data['topic_replies'])
|
||||
{
|
||||
$row_id = intval($forum_topic_data['topic_replies']) % intval($board_config['posts_per_page']);
|
||||
if ($postrows[$row_id]['post_id'] != $forum_topic_data['topic_last_post_id'] || $start + count($postrows) < $forum_topic_data['topic_replies'])
|
||||
{
|
||||
$resync = TRUE;
|
||||
}
|
||||
}
|
||||
elseif (count($postrows) < $board_config['posts_per_page'])
|
||||
{
|
||||
$resync = TRUE;
|
||||
}
|
||||
|
||||
if ($resync)
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
||||
sync('topic', $topic_id);
|
||||
|
||||
$result = $db->sql_query('SELECT COUNT(post_id) AS total FROM ' . POSTS_TABLE . ' WHERE topic_id = ' . $topic_id);
|
||||
$row = $db->sql_fetchrow($result);
|
||||
$total_replies = $row['total'];
|
||||
}
|
||||
|
||||
$sql = "SELECT *
|
||||
FROM " . RANKS_TABLE . "
|
||||
ORDER BY rank_special, rank_min";
|
||||
|
|
@ -597,7 +628,7 @@ $template->assign_vars(array(
|
|||
'TOPIC_ID' => $topic_id,
|
||||
'TOPIC_TITLE' => $topic_title,
|
||||
'PAGINATION' => $pagination,
|
||||
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['posts_per_page'] ) + 1 ), ceil( $total_replies / $board_config['posts_per_page'] )),
|
||||
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / intval($board_config['posts_per_page']) ) + 1 ), ceil( $total_replies / intval($board_config['posts_per_page']) )),
|
||||
|
||||
'POST_IMG' => $post_img,
|
||||
'REPLY_IMG' => $reply_img,
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue